Bug #4603

closed

lots of SNDCP defrag queue msgb's allocated

Added by laforge almost 4 years ago. Updated almost 4 years ago.

Status: Resolved
Priority: Normal
Assignee:
Category: -
Target version: -
Start date: 06/08/2020
Due date:
% Done: 100%
Spec Reference:

Description

In one of the crashes of #4602, there were 2783 msgb's with "SNDCP Defrag" allocated at the time of the crash:

Jun 08 15:28:15 osmo-cn osmo-sgsn[4976]:     msgb                           contains 3473671 bytes in 2785 blocks (ref 0) 0x55d97cc7b340
Jun 08 15:28:15 osmo-cn osmo-sgsn[4976]:         Attach Request                 contains   3208 bytes in   1 blocks (ref 0) 0x55d97d058100
Jun 08 15:28:15 osmo-cn osmo-sgsn[4976]:         Attach Request                 contains   3208 bytes in   1 blocks (ref 0) 0x55d97cd993d0
Jun 08 15:28:15 osmo-cn osmo-sgsn[4976]:         SNDCP Defrag                   contains    949 bytes in   1 blocks (ref 0) 0x55d97d13ec90
Jun 08 15:28:15 osmo-cn osmo-sgsn[4976]:         SNDCP Defrag                   contains    949 bytes in   1 blocks (ref 0) 0x55d97d13e870
Jun 08 15:28:15 osmo-cn osmo-sgsn[4976]:         SNDCP Defrag                   contains    949 bytes in   1 blocks (ref 0) 0x55d97d13e450
Jun 08 15:28:15 osmo-cn osmo-sgsn[4976]:         SNDCP Defrag                   contains    949 bytes in   1 blocks (ref 0) 0x55d97d13e030
Jun 08 15:28:15 osmo-cn osmo-sgsn[4976]:         SNDCP Defrag                   contains    949 bytes in   1 blocks (ref 0) 0x55d97d13dc10
Jun 08 15:28:15 osmo-cn osmo-sgsn[4976]:         SNDCP Defrag                   contains    949 bytes in   1 blocks (ref 0) 0x55d97d13d7f0
Jun 08 15:28:15 osmo-cn osmo-sgsn[4976]:         SNDCP Defrag                   contains    949 bytes in   1 blocks (ref 0) 0x55d97d13d3d0
Jun 08 15:28:15 osmo-cn osmo-sgsn[4976]:         SNDCP Defrag                   contains    949 bytes in   1 blocks (ref 0) 0x55d97d13cfb0
Jun 08 15:28:15 osmo-cn osmo-sgsn[4976]:         SNDCP Defrag                   contains    949 bytes in   1 blocks (ref 0) 0x55d97d13cb90
Jun 08 15:28:15 osmo-cn osmo-sgsn[4976]:         SNDCP Defrag                   contains    949 bytes in   1 blocks (ref 0) 0x55d97d13c770
Jun 08 15:28:15 osmo-cn osmo-sgsn[4976]:         SNDCP Defrag                   contains    949 bytes in   1 blocks (ref 0) 0x55d97d13c350
Jun 08 15:28:15 osmo-cn osmo-sgsn[4976]:         SNDCP Defrag                   contains    949 bytes in   1 blocks (ref 0) 0x55d97d13bf30
Jun 08 15:28:15 osmo-cn osmo-sgsn[4976]:         SNDCP Defrag                   contains    949 bytes in   1 blocks (ref 0) 0x55d97d13bb10
Jun 08 15:28:15 osmo-cn osmo-sgsn[4976]:         SNDCP Defrag                   contains    949 bytes in   1 blocks (ref 0) 0x55d97d13b6f0
Jun 08 15:28:15 osmo-cn osmo-sgsn[4976]:         SNDCP Defrag                   contains    949 bytes in   1 blocks (ref 0) 0x55d97d13b2d0
Jun 08 15:28:15 osmo-cn osmo-sgsn[4976]:         SNDCP Defrag                   contains    949 bytes in   1 blocks (ref 0) 0x55d97d13aeb0
Jun 08 15:28:15 osmo-cn osmo-sgsn[4976]:         SNDCP Defrag                   contains    949 bytes in   1 blocks (ref 0) 0x55d97d13aa90
Jun 08 15:28:15 osmo-cn osmo-sgsn[4976]:         SNDCP Defrag                   contains    949 bytes in   1 blocks (ref 0) 0x55d97d13a670
Jun 08 15:28:15 osmo-cn osmo-sgsn[4976]:         SNDCP Defrag                   contains    949 bytes in   1 blocks (ref 0) 0x55d97d13a250
Jun 08 15:28:15 osmo-cn osmo-sgsn[4976]:         SNDCP Defrag                   contains    949 bytes in   1 blocks (ref 0) 0x55d97d139e30
Jun 08 15:28:15 osmo-cn osmo-sgsn[4976]:         SNDCP Defrag                   contains    949 bytes in   1 blocks (ref 0) 0x55d97d139a10
Jun 08 15:28:15 osmo-cn osmo-sgsn[4976]:         SNDCP Defrag                   contains    949 bytes in   1 blocks (ref 0) 0x55d97d1395f0
Jun 08 15:28:15 osmo-cn osmo-sgsn[4976]:         SNDCP Defrag                   contains    949 bytes in   1 blocks (ref 0) 0x55d97d1391d0
Jun 08 15:28:15 osmo-cn osmo-sgsn[4976]:         SNDCP Defrag                   contains    949 bytes in   1 blocks (ref 0) 0x55d97d138db0
Jun 08 15:28:15 osmo-cn osmo-sgsn[4976]:         SNDCP Defrag                   contains    949 bytes in   1 blocks (ref 0) 0x55d97d138990
Jun 08 15:28:15 osmo-cn osmo-sgsn[4976]:         SNDCP Defrag                   contains    949 bytes in   1 blocks (ref 0) 0x55d97d138570
Jun 08 15:28:15 osmo-cn osmo-sgsn[4976]:         SNDCP Defrag                   contains    949 bytes in   1 blocks (ref 0) 0x55d97d138150
Jun 08 15:28:15 osmo-cn osmo-sgsn[4976]:         SNDCP Defrag                   contains    949 bytes in   1 blocks (ref 0) 0x55d97d137d30
Jun 08 15:28:15 osmo-cn osmo-sgsn[4976]:         SNDCP Defrag                   contains    949 bytes in   1 blocks (ref 0) 0x55d97d137910
Jun 08 15:28:15 osmo-cn osmo-sgsn[4976]:         SNDCP Defrag                   contains    949 bytes in   1 blocks (ref 0) 0x55d97d1374f0
Jun 08 15:28:15 osmo-cn osmo-sgsn[4976]:         SNDCP Defrag                   contains    949 bytes in   1 blocks (ref 0) 0x55d97d1370d0
Jun 08 15:28:15 osmo-cn osmo-sgsn[4976]:         SNDCP Defrag                   contains    949 bytes in   1 blocks (ref 0) 0x55d97d136cb0
...

So clearly we have some memory leaking going on here.

The defrag segments are created in defrag_segments() at the end of the defragmentation process, i.e. if all of the fragments have been received. The msgb contains the defragmented (complete) PDU.

The way I understand defrag_segments(): it will only free the 'expnd' message if any DCOMP or PCOMP is active. But it will not actually free the 'msg' that is passed into sgsn_rx_sndcp_ud_ind(). And the latter function is not free()ing msg. In fact, it does not even use the 'msg' argument at all ?!?
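
One way to triage a talloc report like the one quoted above, as an added example that is not part of the original ticket or of osmo-sgsn: it groups leaf chunks by name so that a name piling up many same-sized chunks stands out. The sample is a shortened excerpt of the log above; the function names and the `min_count` threshold are assumptions.

```python
import re
from collections import defaultdict

# Shortened excerpt of the talloc report quoted in this ticket.
SAMPLE = """\
Jun 08 15:28:15 osmo-cn osmo-sgsn[4976]:     msgb                           contains 3473671 bytes in 2785 blocks (ref 0) 0x55d97cc7b340
Jun 08 15:28:15 osmo-cn osmo-sgsn[4976]:         Attach Request                 contains   3208 bytes in   1 blocks (ref 0) 0x55d97d058100
Jun 08 15:28:15 osmo-cn osmo-sgsn[4976]:         Attach Request                 contains   3208 bytes in   1 blocks (ref 0) 0x55d97cd993d0
Jun 08 15:28:15 osmo-cn osmo-sgsn[4976]:         SNDCP Defrag                   contains    949 bytes in   1 blocks (ref 0) 0x55d97d13ec90
Jun 08 15:28:15 osmo-cn osmo-sgsn[4976]:         SNDCP Defrag                   contains    949 bytes in   1 blocks (ref 0) 0x55d97d13e870
Jun 08 15:28:15 osmo-cn osmo-sgsn[4976]:         SNDCP Defrag                   contains    949 bytes in   1 blocks (ref 0) 0x55d97d13e450
...
"""

# After the syslog prefix: "<indent><name> contains <n> bytes in <m> blocks (ref <r>) <ptr>"
LINE_RE = re.compile(
    r"\]:(?P<indent>\s+)(?P<name>\S.*?)\s+contains\s+(?P<bytes>\d+) bytes in\s+"
    r"(?P<blocks>\d+) blocks \(ref (?P<ref>\d+)\) (?P<ptr>0x[0-9a-fA-F]+)"
)

def parse_report(text):
    """Return one dict per talloc report line; non-matching lines (e.g. '...') are skipped."""
    chunks = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            chunks.append({"depth": len(m["indent"]), "name": m["name"],
                           "bytes": int(m["bytes"]), "blocks": int(m["blocks"])})
    return chunks

def group_leaves(chunks):
    """Group leaf chunks (blocks == 1) by name: count, total bytes, distinct sizes."""
    groups = defaultdict(lambda: {"count": 0, "bytes": 0, "sizes": set()})
    for c in chunks:
        if c["blocks"] == 1:  # parent contexts already include their children's bytes
            g = groups[c["name"]]
            g["count"] += 1
            g["bytes"] += c["bytes"]
            g["sizes"].add(c["bytes"])
    return dict(groups)

def leak_suspects(chunks, min_count=3):
    """Names with at least min_count leaf chunks, largest total bytes first."""
    groups = group_leaves(chunks)
    hits = [(n, g["count"], g["bytes"]) for n, g in groups.items() if g["count"] >= min_count]
    return sorted(hits, key=lambda h: h[2], reverse=True)
```

Run `leak_suspects(parse_report(report_text))` over a full report and raise `min_count` to a value well above the normal number of in-flight messages.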
